From 4ebecf480d17550d93165ab17c249cd2caed9e5b Mon Sep 17 00:00:00 2001 From: Andreas Fitzek Date: Thu, 27 Jun 2013 17:53:28 +0200 Subject: Support for PKCS12, DOC update --- .../doc/MOA-ID_PreRelease_1_9_90_SNAPSHOT.docx | Bin 117063 -> 117624 bytes .../moa/id/entrypoints/DispatcherServlet.java | 8 -- .../protocols/pvp2x/signer/CredentialProvider.java | 84 ++++++++++----------- .../java/eu/stork/vidp/messages/util/SAMLUtil.java | 2 - 4 files changed, 39 insertions(+), 55 deletions(-) diff --git a/id/server/doc/MOA-ID_PreRelease_1_9_90_SNAPSHOT.docx b/id/server/doc/MOA-ID_PreRelease_1_9_90_SNAPSHOT.docx index aa52f89c9..9c63cd941 100644 Binary files a/id/server/doc/MOA-ID_PreRelease_1_9_90_SNAPSHOT.docx and b/id/server/doc/MOA-ID_PreRelease_1_9_90_SNAPSHOT.docx differ diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java index 36a8d0d6b..e1c46f295 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java @@ -1,23 +1,15 @@ package at.gv.egovernment.moa.id.entrypoints; import java.io.IOException; -import java.io.PrintWriter; import java.util.Iterator; -import javax.servlet.RequestDispatcher; import javax.servlet.ServletConfig; -import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; -import org.apache.log4j.config.PropertyPrinter; - -import eu.stork.vidp.messages.common.STORKBootstrap; - import at.gv.egovernment.moa.id.MOAIDException; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; import at.gv.egovernment.moa.id.auth.WrongParametersException; import at.gv.egovernment.moa.id.auth.servlet.AuthServlet; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java index 9385c945f..4a1cd45da 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java @@ -1,5 +1,6 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.signer; +import iaik.pkcs.pkcs12.PKCS12; import iaik.x509.X509Certificate; import java.io.File; @@ -22,35 +23,30 @@ import org.opensaml.xml.signature.SignatureConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.KeyStoreUtils; public class CredentialProvider { - public static Credential getIDPSigningCredential() throws CredentialsNotAvailableException { + public static Credential getIDPSigningCredential() + throws CredentialsNotAvailableException { KeyStore keyStore; PVPConfiguration config = PVPConfiguration.getInstance(); try { - keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); + keyStore = KeyStoreUtils.loadKeyStore(config.getIDPKeyStoreFilename(), + config.getIDPKeyStorePassword()); - FileInputStream inputStream = new FileInputStream( - config.getIDPKeyStoreFilename()); - keyStore.load(inputStream, config.getIDPKeyStorePassword().toCharArray()); - inputStream.close(); + KeyStoreX509CredentialAdapter credentials = new KeyStoreX509CredentialAdapter( + keyStore, config.getIDPKeyAlias(), config + .getIDPKeyPassword().toCharArray()); - KeyStoreX509CredentialAdapter credentials = new KeyStoreX509CredentialAdapter(keyStore, config.getIDPKeyAlias(), - config.getIDPKeyPassword().toCharArray()); - //PrivateKey key = (PrivateKey) keyStore.getKey(config.getIDPKeyAlias(), - // config.getIDPKeyPassword().toCharArray()); - //Certificate cert = keyStore.getCertificate(config.getIDPKeyAlias()); - //credentials.setPublicKey(cert.getPublicKey()); - //credentials.setPrivateKey(key); credentials.setUsageType(UsageType.SIGNING); return credentials; - } catch(Exception e) { + } catch (Exception e) { Logger.error("Failed to generate IDP Signing credentials"); e.printStackTrace(); throw new CredentialsNotAvailableException(e.getMessage(), null); } } - + public static Signature getIDPSignature(Credential credentials) { Signature signer = SAML2Utils.createSAMLObject(Signature.class); signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256); @@ -58,10 +54,12 @@ public class CredentialProvider { signer.setSigningCredential(credentials); return signer; } - - public static Credential getSPTrustedCredential(String entityID) throws CredentialsNotAvailableException { - String filename = PVPConfiguration.getInstance().getTrustEntityCertificate(entityID); - + + public static Credential getSPTrustedCredential(String entityID) + throws CredentialsNotAvailableException { + String filename = PVPConfiguration.getInstance() + .getTrustEntityCertificate(entityID); + iaik.x509.X509Certificate cert; try { cert = new X509Certificate(new FileInputStream(new File(filename))); @@ -75,37 +73,33 @@ public class CredentialProvider { e.printStackTrace(); throw new CredentialsNotAvailableException(e.getMessage(), null); } - + BasicX509Credential credential = new BasicX509Credential(); credential.setEntityId(entityID); credential.setUsageType(UsageType.SIGNING); credential.setPublicKey(cert.getPublicKey()); - + return credential; } /* - public static Credential getTrustedCredential() throws CredentialsNotAvailableException { - String filename = PVPConfiguration.getInstance().getTrustEntityCertificate("sp.crt"); - - iaik.x509.X509Certificate cert; - try { - cert = new X509Certificate(new FileInputStream(new File(filename))); - } catch (CertificateException e) { - e.printStackTrace(); - throw new CredentialsNotAvailableException(e.getMessage(), null); - } catch (FileNotFoundException e) { - e.printStackTrace(); - throw new CredentialsNotAvailableException(e.getMessage(), null); - } catch (IOException e) { - e.printStackTrace(); - throw new CredentialsNotAvailableException(e.getMessage(), null); - } - - BasicX509Credential credential = new BasicX509Credential(); - credential.setEntityId("sp.crt"); - credential.setUsageType(UsageType.SIGNING); - credential.setPublicKey(cert.getPublicKey()); - - return credential; - }*/ + * public static Credential getTrustedCredential() throws + * CredentialsNotAvailableException { String filename = + * PVPConfiguration.getInstance().getTrustEntityCertificate("sp.crt"); + * + * iaik.x509.X509Certificate cert; try { cert = new X509Certificate(new + * FileInputStream(new File(filename))); } catch (CertificateException e) { + * e.printStackTrace(); throw new + * CredentialsNotAvailableException(e.getMessage(), null); } catch + * (FileNotFoundException e) { e.printStackTrace(); throw new + * CredentialsNotAvailableException(e.getMessage(), null); } catch + * (IOException e) { e.printStackTrace(); throw new + * CredentialsNotAvailableException(e.getMessage(), null); } + * + * BasicX509Credential credential = new BasicX509Credential(); + * credential.setEntityId("sp.crt"); + * credential.setUsageType(UsageType.SIGNING); + * credential.setPublicKey(cert.getPublicKey()); + * + * return credential; } + */ } diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/util/SAMLUtil.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/util/SAMLUtil.java index a3ab2fb1b..faff5e7bd 100644 --- a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/util/SAMLUtil.java +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/util/SAMLUtil.java @@ -397,8 +397,6 @@ public class SAMLUtil { } } - - return reqAttrList; } -- cgit v1.2.3